1) MIME Pattern Filter: identifies traffic by its MIME type in the HTTP and mail protocols. A profile carries a block list and an exception list of MIME patterns, and the exception list takes precedence over the block list: if the same pattern is present on both lists, that traffic is not blocked, because the exception wins.

2) Block Extension List: blocks files based on their filename extension.

3) Protocol command block/permit lists: traffic can also be controlled at the protocol command level by blocking or permitting individual commands (for example the FTP USER, PASS and PORT commands in the ftpproto1 object below).
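The following is an added model of the content-filtering decision, written for this page and not Junos code. It reproduces the three checks described above plus the content-type check, using the custom objects and the confilter1 profile from the configuration further down, and shows the exception-over-block precedence with a pattern placed on both lists. The evaluation order and the exact, case-insensitive matching are assumptions of the model, not documented device behaviour; the sample transactions are constructed.

```python
"""Model of the SRX content-filtering decision for one transaction.

Added example, not Junos code. Evaluation order and exact, case-insensitive
matching are assumptions of this model; confirm behaviour on the device
using the statistics counters.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ContentFilterProfile:
    block_command: frozenset       # protocol-command object
    block_extension: frozenset     # filename-extension object
    block_mime: frozenset          # block-mime list
    mime_exception: frozenset      # block-mime exception
    block_content_type: frozenset  # block-content-type


# confilter1 as defined in the configuration on this page.
CONFILTER1 = ContentFilterProfile(
    block_command=frozenset({"user", "pass", "port"}),          # ftpproto1
    block_extension=frozenset({"zip", "rar", "vbs"}),           # extlist1
    block_mime=frozenset({"video/quicktime", "image/jpeg"}),    # mime-list
    mime_exception=frozenset({"video/testmime"}),               # ex-mime-list
    block_content_type=frozenset({"java-applet", "exe", "http-cookie"}),
)


@dataclass(frozen=True)
class Transaction:
    """One HTTP request or FTP command, reduced to what the filter inspects."""
    protocol: str                # "http" or "ftp"
    command: str = ""            # protocol command, e.g. FTP USER / RETR
    filename: str = ""           # file name from the URL or transfer
    mime_type: str = ""          # Content-Type header (HTTP) or MIME part type
    content_type: str = ""       # detected content: exe, java-applet, http-cookie, zip


def filter_decision(profile: ContentFilterProfile, tx: Transaction) -> Optional[str]:
    """Return the counter a block would be charged to, or None if permitted."""
    # Protocol command list (FTP USER/PASS/PORT in ftpproto1).
    if tx.command and tx.command.lower() in profile.block_command:
        return "command"
    # Filename extension list: last dot-separated component, case-insensitive.
    ext = tx.filename.rsplit(".", 1)[-1].lower() if "." in tx.filename else ""
    if ext in profile.block_extension:
        return "extension"
    # MIME list: the exception list is consulted first and wins, so a pattern
    # present on both lists never blocks.
    mime = tx.mime_type.lower()
    if mime and mime not in profile.mime_exception and mime in profile.block_mime:
        return "mime"
    # Content-type detection, independent of file name and declared MIME type.
    if tx.content_type in profile.block_content_type:
        return "content-type"
    return None


def summarize(profile: ContentFilterProfile, txs: List[Transaction]) -> Dict[str, int]:
    """Count decisions by reason, the same shape as the device's blocked counters."""
    counts: Dict[str, int] = {}
    for tx in txs:
        reason = filter_decision(profile, tx) or "permitted"
        counts[reason] = counts.get(reason, 0) + 1
    return counts


# Constructed sample traffic (not captured from a device).
SAMPLE = [
    Transaction("http", filename="index.html", mime_type="text/html"),
    Transaction("http", filename="movie.mov", mime_type="video/quicktime"),
    Transaction("http", filename="tools.rar", mime_type="application/x-rar"),
    Transaction("http", filename="clip.avi", mime_type="video/testmime"),
    Transaction("ftp", command="USER"),
    Transaction("http", filename="setup.bin", mime_type="application/octet-stream", content_type="exe"),
]

# image/jpeg on both lists: the exception list wins and the file is permitted.
BOTH_LISTS = replace(CONFILTER1, mime_exception=CONFILTER1.mime_exception | {"image/jpeg"})

if __name__ == "__main__":
    print(summarize(CONFILTER1, SAMPLE))
    jpeg = Transaction("http", filename="photo.jpeg", mime_type="image/jpeg")
    print(filter_decision(CONFILTER1, jpeg), filter_decision(BOTH_LISTS, jpeg))
```

The profile is a frozen dataclass so that a variant (BOTH_LISTS) can be derived with dataclasses.replace without touching the original; the same pattern lets you check a planned change to a block list against sample traffic before committing it on the device.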

Configuration of Custom Objects

[edit security utm]
root@host# show
custom-objects {
    mime-pattern {
        mime-list {
            value [ video/quicktime image/jpeg ];
        }
        ex-mime-list {
            value video/testmime;
        }
    }
    filename-extension {
        extlist1 {
            value [ zip rar vbs ];
        }
    }
    protocol-command {
        ftpproto1 {
            value [ user pass port ];
        }
    }
}

Configuration of Feature Profile

[edit security utm]
root@host# show feature-profile
content-filtering {
    profile confilter1 {
        block-command ftpproto1;
        block-extension extlist1;
        block-mime {
            list mime-list;
            exception ex-mime-list;
        }
        block-content-type {
            java-applet;
            exe;
            http-cookie;
        }
        notification-options {
            type message;
            notify-mail-sender;
            custom-message "operation failed";
        }
    }
}

Configuration of UTM Policy

[edit security utm]
root@host# show | find utm-policy
utm-policy utm-con {
    content-filtering {
        http-profile confilter1;
    }
}

Note that utm-con binds confilter1 only as http-profile, so the FTP command list in ftpproto1 is not exercised by this configuration. To filter FTP as well, bind a profile under content-filtering ftp (upload-profile and/or download-profile) in the UTM policy and match the FTP application in the security policy.

Applying UTM Policy to Security Policy

[edit security policies from-zone trust to-zone untrust]
root@host# show
policy cont-filtering {
    match {
        source-address any;
        destination-address any;
        application junos-http;
    }
    then {
        permit {
            application-services {
                utm-policy utm-con;
            }
        }
    }
}

Monitoring Content Filtering

root@host> show security utm content-filtering statistics
Content-filtering-statistic:  Blocked
   Base on command list:          0
   Base on mime list:             0
   Base on extension list:        0
   ActiveX plugin:                0
   Java applet:                   0
   EXE files:                     0
   ZIP files:                     0
   HTTP cookie:                   0
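The counters above are cumulative, so to see which block reasons are firing you compare two samples. The following parser and comparison is an added example written for this page, not Junos code or anything shipped with the device. The first sample is the all-zero output shown above; the second is constructed to show counters moving.

```python
"""Parse and compare 'show security utm content-filtering statistics' output.

Added example, not Junos code. Both samples below are constructed in the
format shown on this page. Run the show command twice (or on a schedule),
feed the text in, and the deltas show which block reasons fired in between.
"""
import re
from typing import Dict

# Constructed sample: the all-zero output shown on this page.
BASELINE = """\
Content-filtering-statistic:  Blocked
   Base on command list:          0
   Base on mime list:             0
   Base on extension list:        0
   ActiveX plugin:                0
   Java applet:                   0
   EXE files:                     0
   ZIP files:                     0
   HTTP cookie:                   0
"""

# Constructed sample taken "later": the MIME, extension and ZIP counters have moved.
LATER = """\
Content-filtering-statistic:  Blocked
   Base on command list:          0
   Base on mime list:             1
   Base on extension list:        4
   ActiveX plugin:                0
   Java applet:                   0
   EXE files:                     0
   ZIP files:                     3
   HTTP cookie:                   0
"""

# "<counter name>:   <integer>" lines. The header line ends in a word, not a
# number, so the pattern does not match it and it is skipped.
COUNTER_RE = re.compile(r"^\s*(?P<name>[^:]+):\s+(?P<value>\d+)\s*$")


def parse_stats(text: str) -> Dict[str, int]:
    """Return {counter name: value} for every numeric counter line."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group("name").strip()] = int(m.group("value"))
    return counters


def counter_deltas(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Counters that increased between two samples.

    A counter that went down (for example because the statistics were cleared
    between samples) is ignored rather than reported as a negative delta.
    """
    return {
        name: after[name] - before.get(name, 0)
        for name in after
        if after[name] - before.get(name, 0) > 0
    }


def total_blocked(stats: Dict[str, int]) -> int:
    """Sum of all blocked counters; a single number to threshold on for alerting."""
    return sum(stats.values())


if __name__ == "__main__":
    before, after = parse_stats(BASELINE), parse_stats(LATER)
    print(counter_deltas(before, after))
    print("blocked so far:", total_blocked(after))
```

The parser keys on the counter names exactly as the device prints them, so it keeps working if Junos adds a counter line; only a change to the "name: value" layout would break it.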


Worked for more than 10 years as a Network/Support Engineer; also interested in Python, Linux, Security and SD-WAN. Currently living in the Netherlands and working as a Network Support Engineer.
// JNCIE-SEC #223 / RHCE / PCNSE